Minneapolis Police Station “Hack”
Good morning everyone, Over the weekend I have been reading up on these apparent cyber attacks on the Minneapolis Police Stations Computer systems. Today I am going to be breaking down these reported attacks and give my reasons why I feel that these attacks are fake. This is the first time I have created a breakdown post on a hack so let me know what you think :)
First things first, I have been reading posts from people on twitter saying that the website was hacked because it went offline (It was a DDoS Attack). My response to this just because a website is DDossed does not mean that the website was hacked, A DDoS attack is not a hack it is an attack its just script kiddies thinking its fun to take a website offline.
I have also been investigating this “data breach” where police emails and passwords were leaked and as soon as I took a look at the data dump I almost instantly knew it was fake here are my reasons why I believe it is fake
The passwords are very stupid and very unsecure for a police station, Im going to list a few of the passwords that were in the dump. Password (Yes that was really a password), werty, 123456, linkedin. I feel that these passwords would been flagged if there are any security measures inplace (Unsure if there are or not)
In a more detailed examination
There are 798 email addresses in the data set but only 689 unique ones. 87 of the email addresses appear multiple times, usually twice, but one of the emails appeared 7 times.
it’s usually very unlikely to see the same email address with multiple different passwords in a real data breach as majority ofsystems simply won’t let an address register more than once.
Of the 689 unique email addresses, 654 of them are already in Have I Been Pwned. That’s a hit rate of 95% which is massively higher than any all-new legitimate breach
Majority of these emails and passwords have already been leaked before, which means that these details were already on the internet
The same email appeared 7 times. That address appeared once with the alias precisely represented as the password, once with it almost precisely as the password, once with “mickey23”, once with “mickey23mikmonkhou”, once with “32yekcim” (Reversed), once with “mickey2” and once with a “mickey23” prefix followed by a string that created an email address at a college. Why so many times? Because the data has almost certainly been pulled out of existing data breaches in an attempt to falsely create a new one:
Here are some of the passwords that were in the dump and how many times the password has been seen in different dumps (According to HaveIBeenPwned)
- 123456 (23,547,453 occurrences)
- qwerty (3,912,816 occurrences)
- password (3,730,471 occurrences)
- abc123 (2,855,057 occurrences)
- password1 (2,413,945 occurrences)
- sunshine (412,385 occurrences)
- shadow (343,769 occurrences)
- linkedin (291,385 occurrences)
- andrew (265,776 occurrences)
- joshua (262,771 occurrences)
- loveme (233,835 occurrences)
- freedom (221,713 occurrences)
- friends (218,341 occurrences)
- summer (214,360 occurrences)
- samantha (211,498 occurrences)
- maggie (211,290 occurrences)
- batman (206,795 occurrences)
- harley (197,503 occurrences)
- jasmine (192,023 occurrences)
- martin (188,772 occurrences)
Although this is just my personal Opinion, I could be wrong but with the information I have been given and from what I have seen I believe that this dump is fake. This dump really makes me sick to my stomach as this fake leak is targeted towards police, People are targeting police hoping they get attacked which is disgusting that anyone would want to do this, Im not going to talk much about the incident but Yes the officer was in the wrong and caused George to die and he has been arrested for murder but these violent protests are uncalled for, you are just causing more injuries and deaths. I hope everyone is keeping safe during these times.
That’s about it for this blog post. As always if you enjoy my content you can support me by becoming a patreon Here This allows me to make blogging a full-time job and gives me more time to blog as I do not need to get a part-time job. When you become a patreon you unlock perks such as premium support, Custom roles in the discord, Access to bot code and much more. I would highly suggest checking it out.
Thanks for your support Bencey